
@soar
Last active July 13, 2016 09:05
uaToken

uaToken/ruToken flash script

Usage

Place the key files in the database/keys directory and start the script:

/etc/init.d/openct restart
./write_token.sh <Key number> <Cert password> <User PIN> <Admin PIN>

For example:

/etc/init.d/openct restart
sudo ./write_token.sh 777 12345678 12345678 12345678

Restrictions

  1. The script must be run with admin rights (e.g. via sudo)
  2. The user PIN and the admin PIN must be 8 characters long

TODO

  • Automatically restart openct on each run
  • Change the admin PIN, if that is possible at all
#!/usr/bin/expect
# NOTE(review): these two globals are never read. putsc below assigns
# colorCode and output with plain `set` and no `global`/`upvar`, so it
# works on proc-local variables and these stay unset.
variable colorCode
variable output
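# Print txt in the given ANSI color (red, green, yellow, blue, default)
# followed by an SGR reset, so the terminal color does not leak past the line.
#
# An unknown color name now falls back to the terminal default (SGR 0);
# the original switch left colorCode unset for such names, which made the
# proc raise "no such variable" instead of printing anything.
proc putsc {color txt} {
    # `--` keeps a color value beginning with "-" from being read as an option.
    switch -- $color {
        "red"     { set colorCode "31" }
        "green"   { set colorCode "32" }
        "yellow"  { set colorCode "33" }
        "blue"    { set colorCode "34" }
        default   { set colorCode "0" }
    }
    puts "\033\[${colorCode}m${txt}\033\[0m"
}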
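# Positional arguments: key number, certificate password, user PIN, admin PIN.
# A missing argument yields "" from lindex.
set keyID    [lindex $argv 0]
set certPass [lindex $argv 1]
set userPin  [lindex $argv 2]
set adminPin [lindex $argv 3]
set keyName "key_$keyID"
set pathKeys "database/keys"
set pathCert "database/certificates"
set pathConf "database/cfg"

# PINs the token is initialised with: the SO PIN given to --create-pkcs15 and
# the transient user PIN that the final --change-pin step replaces by $userPin.
# Previously both were repeated as bare literals in every step below.
set soPin "87654321"
set tmpUserPin "12345678"

# Section separator printed between steps.
set hr "=========================================================================="

# Abort the run when the most recently spawned command did not exit with 0.
# Call it right after `expect eof`: `wait` reaps the child and returns
# {pid spawn_id os_error status}. Before this, every step's exit status was
# ignored, so e.g. a failed openssl conversion still went on to erase the
# token and store nothing on it.
proc finishStep {step} {
    foreach {pid spawnId osError status} [wait] break
    if {$osError == -1 || $status != 0} {
        putsc "red" "Ошибка на шаге \"$step\" (код $status), прошивка прервана"
        exit 1
    }
}

# The old check tested $keyName, which is never empty because it is built
# from the "key_" prefix; the key number itself is what has to be present.
if {$keyID eq "" || $certPass eq "" || $userPin eq ""} {
    puts "Usage: ./write_token.sh <Номер ключа> <Пароль сертификата> <Пин-код пользователя> <Пин-код администратора>\n"
    exit 1
}
# README restriction 2: PINs are 8 characters. Checked up front, before the
# token has been erased.
if {[string length $userPin] != 8} {
    puts "Пин-код пользователя должен состоять из 8 символов\n"
    exit 1
}

# NOTE(review): the password and PINs are echoed in clear here for operator
# confirmation; they are also visible in shell history and the process list
# because they are passed on the command line.
puts "Прошивка ключа со следующими параметрами:"
puts " Номер ключа: $keyName"
puts " Пароль сертификата: $certPass"
puts " Пин-код пользователя: $userPin"
puts " Пин-код администратора: $adminPin"
puts "Убедитесь, что значения верны, установитев ПК только токен для прошивки и нажмите Enter..."
#
# TODO:
# Admin PIN should be used, only user PIN is written to token now
#
# Before the first spawn, expect reads from the user's terminal. With the
# default 10 s timeout the confirmation was ineffective: on timeout expect
# returned and flashing started without Enter being pressed, so wait forever.
expect -timeout -1 "\n"
#send "typed: $expect_out(buffer)"
putsc "red" "Старт прошивки... Не извлекайте ключ до завершения процесса..."
#
# TODO:
# This section is temporary removed - when openct is restarted via script,
# token disappears from system. Should be fixed!
#
#puts "=========================================================================="
#putsc "green" " - Перезапуск OpenCT..."
#spawn invoke-rc.d openct restart
#expect eof
#spawn openct-tool list
#expect eof
puts $hr
putsc "green" " - Создание сертификатов..."
# -nodes writes the private key to $keyName.pem unencrypted; that file is
# left in $pathKeys after the run.
spawn openssl pkcs12 -in $pathKeys/$keyName.pfx -out $pathKeys/$keyName.pem -nodes
expect "Enter Import Password:"
send "$certPass\r"
expect eof
finishStep "openssl pkcs12 pfx -> pem"
spawn openssl pkcs12 -export -in $pathKeys/$keyName.pem -inkey $pathKeys/$keyName.pem -out $pathKeys/$keyName.p12
expect "Enter Export Password:"
send "$certPass\r"
expect "Verifying - Enter Export Password:"
send "$certPass\r"
expect eof
finishStep "openssl pkcs12 pem -> p12"
puts $hr
putsc "green" " - Форматирование токена"
spawn pkcs15-init --erase-card
expect eof
finishStep "pkcs15-init --erase-card"
puts $hr
putsc "green" " - Создание файловой системы и установка пинов"
spawn pkcs15-init --create-pkcs15 --so-pin "$soPin" --so-puk "" -p pkcs15+small
expect -re "Please enter Unspecified PIN (.*):"
send "$tmpUserPin\r"
expect eof
finishStep "pkcs15-init --create-pkcs15"
spawn pkcs15-init --store-pin --label "Operator" --auth-id 02 --pin "$tmpUserPin" --puk "" -p pkcs15+small
expect eof
finishStep "pkcs15-init --store-pin"
puts $hr
putsc "green" " - Заливка ключей "
spawn pkcs15-init --generate-key rsa/512 --auth-id 02
expect "Please enter User PIN:"
send "$tmpUserPin\r"
expect eof
finishStep "pkcs15-init --generate-key"
spawn pkcs15-init --store-private-key $pathKeys/$keyName.p12 --format pkcs12 --auth-id 02
expect "Please enter passphrase to unlock secret key:"
send "$certPass\r"
expect "Please enter User PIN:"
send "$tmpUserPin\r"
expect eof
finishStep "pkcs15-init --store-private-key (p12)"
spawn pkcs15-init --store-private-key $pathKeys/$keyName.pem --id $keyID --auth-id 02
expect "Please enter User PIN:"
send "$tmpUserPin\r"
expect eof
finishStep "pkcs15-init --store-private-key (pem)"
puts $hr
putsc "green" " - Смена PIN"
# Replace the transient user PIN with the one given on the command line.
spawn pkcs15-tool --change-pin -a 2
expect -re "Enter old PIN (.*):"
send "$tmpUserPin\r"
expect -re "Enter new PIN (.*):"
send "$userPin\r"
expect -re "Enter new PIN again (.*):"
send "$userPin\r"
expect eof
finishStep "pkcs15-tool --change-pin"
puts $hr
putsc "green" "Прошивка завершена, ключ можно извлечь"
# end of file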